Providing and managing security for large networked systems is difficult because their size and complexity makes manual design and management nearly impossible. Current security management tools lack functionality and mostly work only in mono-vendor environments. The POSITIF project has developed an open framework (and related tools) to support the design and management of security architectures, based on formal methods to describe a network system and the security requirements. The framework is easily expandable and can interface with limited effort to several open-source or proprietary security technologies and tools.